Description
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
References (4)
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 (Exploit, Technical Description, Third Party Advisory; x_refsource_misc)
http://www.openwall.com/lists/oss-security/2018/01/10/1 (Exploit, Mailing List, Third Party Advisory; mailing-list, x_refsource_mlist)
https://www.exploit-db.com/exploits/43499/ (Exploit, Third Party Advisory, VDB Entry; exploit, x_refsource_exploit-db)
https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215 (Patch, Third Party Advisory; x_refsource_confirm)
Scores
CVSS v3: 5.3
EPSS: 0.0218
EPSS Percentile: 84.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-346
Status: published
Products (1): parity/browser 1.6.10
Published: Jan 11, 2018
Tracked Since: Feb 18, 2026